Overview

Scenario

Direct Connect establishes a dedicated, secure, and stable network connection between your on-premises data center and VPCs. It can work together with an enterprise router to build a large-scale hybrid cloud network.

VPN establishes a secure, encrypted communication tunnel between your on-premises data center and your VPC. Compared with Direct Connect, VPN is cost-effective and can be quickly deployed.

To ensure high reliability of the hybrid cloud network and reduce costs, you can use Enterprise Router, Direct Connect, and VPN to connect the on-premises data center to the cloud, and use VPN to back up Direct Connect. If a Direct Connect connection becomes faulty, VPN automatically takes over, which minimizes service interruptions.

You can share an enterprise router with different accounts to attach VPCs of these accounts to the same enterprise router for communications.

If you need to set up a hybrid cloud network, it is recommended that you use Enterprise Router and Direct Connect Global DC Gateway. For details, see Setting Up a Hybrid Cloud Network Using Enterprise Router, VPN, and Direct Connect (Global DC Gateway).

From May 2024, Enterprise Router and Direct Connect Virtual Gateway cannot be used together to set up a hybrid cloud network. Existing networks that are set up using Enterprise Router and Direct Connect Virtual Gateway are not effected.

Architecture

Figure 1 Network diagram of Direct Connect and VPN connections working in an active/standby pair

Advantages

An enterprise router enables automatic switchover between active and standby Direct Connect and VPN connections. This prevents service loss and reduces maintenance costs.

Notes and Constraints

The CIDR blocks of the VPCs and of the on-premises data center cannot overlap.